there's no support for WS-Security in SOAP::WSDL, so your're quite on your own there.
The best approach probably is to write your own serializer/deserializer pair.
While the serializer has to add the WS-Security header, the deserializer has to remove it. The deserializer is the tricky part, because SOAP::WSDL's parser will possibly throw errors on unexpected elements (like the WS-Security stuff). You may need to add the WS-Security elements to the typemap used by the parser.